Vulnerability when scanned using OWASP tools

  • Resolved coolertanto

    (@coolertanto)


    5 years, 1 month ago

    Hi,

    I am using security defender for one of my client. Their IT requested us to test the plugins we used using OWASP tools from here

    https://owasp.org/www-project-dependency-check/

    Scroll to the bottom and look for ‘Command Line’. Click on the link to download OWASP Dependency Check. It will download a ZIP file to the Downloads folder.
    1. Start the command line window
    2. cd to project’s folder e.g. cd \Documents\Projects\YourProject\
    3. Run OWASP Dependency check:

    C:\Users\ctmo-user\Documents\Projects\YourProject> C:\Users\ctmo-user\Downloads\dependency-check-6.1.5-release\dependency-check\dependency-check.bat -s .

    Using latest plugin version 2.4.10 there are 2 issues found:
    vue.runtime.js(v2.6.10) and vue.runtime.min.js (v2.6.10) with medium severity level.

    I am aware that vue is not handled by you & team, but since it’s used by the plugin may I know if there’s any plan to upgrade vue version?

    • This topic was modified 5 years, 1 month ago by coolertanto. Reason: Adding in more information
Viewing 4 replies - 1 through 4 (of 4 total)
  • Kris – WPMU DEV Support

    (@wpmudevsupport13)

    5 years, 1 month ago

    Hi @coolertanto

    I hope you are doing good today.

    I pinged our Defender Team to review your query. We will post an update here as soon as more information is available.

    Kind Regards,
    Kris

    Kris – WPMU DEV Support

    (@wpmudevsupport13)

    5 years, 1 month ago

    Hi again @coolertanto

    I consulted this with our Defender Team and we already created a task for this to improve this in Defender. Thank you for your feedback.

    Kind Regards,
    Kris

    Thread Starter coolertanto

    (@coolertanto)

    5 years, 1 month ago

    Hi @wpmudevsupport13

    Thanks you for looking at this issue.

    I am looking forward for the new version update for the plugin

    Thank you

    • This reply was modified 5 years, 1 month ago by coolertanto. Reason: reword
    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    5 years ago

    Hi @coolertanto

    I hope you are doing well.

    We reported this to our developers and we will be working to improve it, I am marking this thread as resolved for now.

    Feel free to ping us any time you need and please keep the plugin updates and the eyes on changelogs.

    Best Regards
    Patrick Freitas

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Vulnerability when scanned using OWASP tools’ is closed to new replies.